---
apiVersion: v1
kind: Service
metadata:
  name: postgres-headless
  labels:
    app: postgres
spec:
  ports:
  - port: 5432
    name: postgres-port
    targetPort: postgres-port
  clusterIP: None
  selector:
    app: postgres
    version: "16.2"
---
apiVersion: v1
kind: Service
metadata:
  name: postgres-np
  labels:
    app: postgres
spec:
  ports:
  - port: 5432
    name: postgres-port
    targetPort: postgres-port
    nodePort: 32543
  type: NodePort
  selector:
    app: postgres
    version: "16.2"
---
apiVersion: v1
kind: Secret
metadata:
  name: postgres-secret
type: Opaque
stringData:
  POSTGRES_USER: artur
  POSTGRES_PASSWORD: password
--- 
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: &app postgres 
spec:
  selector:
    matchLabels:
      app: *app
      version: &version "16.2"
  serviceName: postgres-headless
  replicas: 1 
  minReadySeconds: 10 
  
  template:
    metadata:
      labels:
        app: *app
        version: *version
    spec:
      terminationGracePeriodSeconds: 30
      containers:
        - name: postgres
          image: postgres:16.2
          imagePullPolicy: "IfNotPresent"
          ports:
            - containerPort: 5432
              name: postgres-port
          envFrom:
            - secretRef:
                name: postgres-secret
          volumeMounts:
            - mountPath: /var/lib/postgresql/data
              name: postgresdata
          resources:
            requests:
              cpu: "0.4"
              memory: "256Mi"
            limits:
              cpu: "1"
              memory: "1024Mi"
  volumeClaimTemplates:
  - metadata:
      name: postgresdata
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 10Gi 
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: pgadmin-pvc
#  annotations:
#    volume.beta.kubernetes.io/storage-class: "managed-nfs-storage"
spec:
  accessModes:
    - "ReadWriteOnce"
  resources:
    requests:
      storage: 500Mi
---
kind: Service
apiVersion: v1
metadata:
  name: pgadmin-svc
spec:
  ports:
    - protocol: TCP
      port: 80
      name: http
      targetPort: 80
      nodePort: 30861
  selector:
    app: pgadmin
  type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pgadmin
  labels:
    app: pgadmin
  annotations:
    reloader.stakater.com/auto: "true"
    secret.reloader.stakater.com/reload: "pg-tls"
spec:
  replicas: 1
  selector:
    matchLabels:
      app: pgadmin
  template:
    metadata:
      labels:
        app: pgadmin
    spec:
      initContainers:
      - name: busybox
        image: busybox:1.34.1
        imagePullPolicy: IfNotPresent
        command:
          - 'sh'
          - '-c'
          - 'chown 5050:5050 /tmp/mount'
        volumeMounts:
          - mountPath: /tmp/mount
            name: state
      containers:
      - name: pgadmin
        image: dpage/pgadmin4:8.4
        imagePullPolicy: IfNotPresent
        ports:
          - containerPort: 80
            name: http
            protocol: TCP
        env:
          - name: PGADMIN_DEFAULT_EMAIL
            value: "artur@kryukov.biz"
          - name: PGADMIN_DEFAULT_PASSWORD
            value: "password"
        resources:
          requests:
            memory: "100Mi"
            cpu: "0.2"
          limits:
            memory: "800Mi"
            cpu: "0.8"
        volumeMounts:
          - mountPath: /var/lib/pgadmin
            name: state
      volumes:
        - name: state
          persistentVolumeClaim:
            claimName: pgadmin-pvc
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: pgadmin
  annotations:
    cert-manager.io/cluster-issuer: dev-ca-issuer
    cert-manager.io/common-name: pg.kryukov.local
    cert-manager.io/subject-organizations: "home dev lab"
    cert-manager.io/subject-countries: "RU"
    cert-manager.io/subject-localities: "Moscow"
    cert-manager.io/duration: "9125h"
    cert-manager.io/renew-before: "360h"
    cert-manager.io/usages: "server auth"
    cert-manager.io/private-key-algorithm: RSA
    cert-manager.io/private-key-encoding: "PKCS8"
    cert-manager.io/private-key-size: "4096"
    cert-manager.io/private-key-rotation-policy: Always
spec:
  ingressClassName: system-ingress
  rules:
    - host: pg.kryukov.local
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: pgadmin-svc
                port:
                  name: http
  tls:
    - hosts:
      - pg.kryukov.local
      secretName: pg-tls